[TriLUG] Fwd: [support] Accountability and possible solutions

Ed Hill ed at eh3.com
Thu Sep 11 20:49:20 EDT 2003


Hi Dave,

Good for you!  Its great to see someone standing up and making a calm
and well-reasoned case for greater diversity in campus computing.  While
at Mines I used Linux for almost all our data acquisition boxes and the
group's web server.  As far as I know, we never lost any data to OS
lockups.  Some of those machines now have "uptimes" that pre-date my
departure.  Its a good feeling!

Even here at MIT (with its huge and pervasive Unix/Linux "Project
Athena"), we're having serious problems with recent Windows worms and
viruses (please see below).  The campus email system was brought to a
crawl recently.  And I had two separate visits today by support people
within our department looking for Windows boxes to patch.

"None in this office!" I could cheerfully report.

Ed


=== FORWARDED MESSAGE ===

           From: 
James D. Bruce
<jdb at MIT.EDU>
             To: 
The MIT Community
<all-mit at mit.edu>
        Subject: 
LATEST (9/10/2003)
Windows
Vulnerability -
please patch now
           Date: 
Thu, 11 Sep 2003
17:31:41 -0400
(EDT)

To the MIT Community:

First, if you are not running a Windows machine, please delete this
mail now, and please accept my apology for this intrusion.

If you are running a Windows machine, please read this message and
follow the steps described to patch your computer's operating system.
You will be DISCONNECTED from the network if your system is
compromised.

MAJOR VULNERABILITIES IN THE WINDOWS OPERATING SYSTEM
On September 10, 2003, Microsoft announced another NEW critical patch
for a major vulnerability in the Windows operating system (Security
Bulletin MS03-039

   <http://www.microsoft.com/security/security_bulletins/ms03-039.asp>).

All machines that have recently been patched for the MS03-026
vulnerability are once again vulnerable to a new known method of
remote compromise.

I write to ask all Windows users to IMMEDIATELY install the new patch
made available by Microsoft.  Patches are available by running Windows
Update on your Windows machine, or by visiting

    <http://windowsupdate.microsoft.com/>

from Internet Explorer.

To prevent your machine from being compromised while you are applying
the patch, IS's Network Security Team encourages users to implement
port filtering described at

    <http://web.mit.edu/net-security/prevent-reinfection.html>.

Once patched, you should undo the port filtering to enable normal
network functionality.

For more information from MIT on the vulnerability, please visit

    <http://web.mit.edu/net-security/windows.html>

I want to thank all of you for your vigilance.  I know that it is a
real nuisance to keep updating your operating system software but
doing so is crucial to IS's being able to keep its network up and
available.  So, please take a moment now to update your system.


.........................................................jim

=================================================================
James D. Bruce                               Email:jdb at mit.edu
Professor of Electrical Engineering and      Voice: 617-253-3103
  Vice President for Information Systems      Fax:  617-253-0750
Massachusetts Institute of Technology        Room:  10-215
77 Massachusetts Avenue;  Cambridge, MA 02139-4307
=================================================================
=== FORWARDED MESSAGE ===

-- 
Edward H. Hill III, PhD
office:  MIT Dept. of EAPS;  Room 54-1424;  77 Massachusetts Ave.
            Cambridge, MA 02139-4307
email:   eh3 at mit.edu,  ed at eh3.com
URL:     http://web.mit.edu/eh3/
phone:   617-253-0098
fax:     617-253-4464
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20030912/f72e2f18/attachment.pgp>


More information about the TriLUG mailing list